We're a small company with a small number of servers - 2 Windows servers and 1 Linux server. We're at the moment experiencing a DDoS attack against our DNS server - probably some spoofed IP addresses sending small requests that make my server return large messages (root hints).
The two Windows 2003 servers serve up both ourDomain.local and ourDomain.com - .local is of course giving the internal IPs of stuff, while .com gives out web server and MX records etc. Also, our internal users have these two DNS servers as their DNS servers. Anything the servers don't know about, they forward to our ISP's DNS servers, then reply to the local clients.
Is there a way to get the DNS servers to reply like this:
- Internal clients - any request
- External clients - requests for ourDomain.com ONLY
Or do I actually need separate physical servers to do this?
If something is unclear or missing, let me know, and I will research.
Thanks!
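The policy described in the question (internal clients may ask anything, external clients only for names in ourDomain.com, and root-hint/ANY requests from outside are the amplification shape) can be expressed as a detection rule and run over the server's query log to see who is being answered with what. The script below is an added example, not code from the original post; the log format, the internal address ranges and the client addresses are all constructed or assumed (the real Windows 2003 DNS debug log is more verbose and would need its own parser).

```python
"""Classify DNS queries from a log against a split-horizon policy.

Added example, not part of the original post. It assumes a simplified,
constructed log format with one query per line:
    "<client_ip> <qname> <qtype>"
Adapt parse_line() to the real server's debug-log layout.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Tuple

# Assumed (hypothetical) internal networks and zone names.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
                 ipaddress.ip_network("10.0.0.0/8")]
PUBLIC_ZONES = ("ourdomain.com",)


class Query(NamedTuple):
    client: str
    qname: str
    qtype: str


def parse_line(line: str) -> Optional[Query]:
    """Parse one constructed log line; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 3:
        return None
    client, qname, qtype = parts
    # Normalise: strip the trailing dot, lower-case, keep "." for the root.
    return Query(client, qname.rstrip(".").lower() or ".", qtype.upper())


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def in_zone(qname: str, zone: str) -> bool:
    return qname == zone or qname.endswith("." + zone)


def classify(q: Query) -> str:
    """Return 'allow', 'deny' or 'amplification' for one query.

    Internal clients may ask anything. External clients get an answer
    only for names inside the public zones; root (".") and ANY queries
    from outside are the small-request/large-answer shape the post
    describes, so they are flagged separately.
    """
    if is_internal(q.client):
        return "allow"
    if q.qtype == "ANY" or q.qname == ".":
        return "amplification"
    if any(in_zone(q.qname, z) for z in PUBLIC_ZONES):
        return "allow"
    return "deny"  # external client asking for .local names or open recursion


def summarize(lines: List[str]) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Count verdicts and tally non-allowed queries per client address."""
    counts = {"allow": 0, "deny": 0, "amplification": 0}
    offenders: Dict[str, int] = {}
    for line in lines:
        q = parse_line(line)
        if q is None:
            continue
        verdict = classify(q)
        counts[verdict] += 1
        if verdict != "allow":
            offenders[q.client] = offenders.get(q.client, 0) + 1
    return counts, offenders


# Constructed sample log (addresses from documentation ranges).
SAMPLE_LOG = """\
192.168.1.10 www.ourdomain.com A
192.168.1.10 fileserver.ourdomain.local A
198.51.100.7 www.ourdomain.com A
198.51.100.7 ourdomain.com MX
203.0.113.9 . NS
203.0.113.9 . ANY
203.0.113.9 ourdomain.com ANY
203.0.113.9 fileserver.ourdomain.local A
203.0.113.9 example.org A
"""

if __name__ == "__main__":
    totals, by_client = summarize(SAMPLE_LOG.splitlines())
    print(totals)      # {'allow': 4, 'deny': 2, 'amplification': 3}
    print(by_client)   # {'203.0.113.9': 5}
```

One caveat when reading the per-client tally: because the attack uses spoofed source addresses, the "offenders" listed are the addresses being reflected at, not the attacker, so the useful action is to stop answering those query shapes for external sources (or, as the answer below suggests, to move the external zones to a server that does not recurse at all) rather than to block the listed addresses one by one.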
Unfortunately there's no way to do this in W2K3. You'll need to set up another DNS server. My recommendation would be to leave the current servers as your AD\DNS servers for your internal AD\DNS clients and set up new servers to host your external zones.